[
https://issues.apache.org/jira/browse/SLING-9397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Cris Rockwell updated SLING-9397:
---------------------------------
Description:
Here is a pull request which adds an authentication handler for a SAML2 Service
Provider via the embedded OpenSAML V3 dependencies
[https://github.com/apache/sling-whiteboard/pull/51]
*TODO Before Initial*
[X] Sync attributes released by the IDP
[X] Confirm license and attribution
"As the code is ASL2 and does not require a notice or anything else, we don't
need to mention in. But I think its usually good style to do so and have a
single sentence in our NOTICE that we include (modified) code from ... which
has ASL2 as the license"
*TODO After Initial*
[X] Get confirmation the project builds and operates as expected
[X] Ensure that the NOTICE file is the correct one
[X] Testing setup ( documentation, local SAML provider, etc )
[X] Clarify whether we can depend on artifacts not deployed on Maven Central
[X] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
* [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
[X] Decide whether to make signing and encryption optional. Currently it is
required
[X] Get feedback whether README instructions are too much, too little,
unclear, etc
[X] Consider whether use of {{SAML2ConfigService}} and
{{SAML2ConfigServiceImpl}} is a good design or not.
[ ] Find and fix any bugs.
was:
Here is a pull request which adds an authentication handler for a SAML2 Service
Provider via the embedded OpenSAML V3 dependencies
[https://github.com/apache/sling-whiteboard/pull/51]
*TODO Before Initial*
[X] Sync attributes released by the IDP
[X] Confirm license and attribution
"As the code is ASL2 and does not require a notice or anything else, we don't
need to mention in. But I think its usually good style to do so and have a
single sentence in our NOTICE that we include (modified) code from ... which
has ASL2 as the license"
*TODO After Initial*
[X] Get confirmation the project builds and operates as expected
[X] Ensure that the NOTICE file is the correct one
[X] Testing setup ( documentation, local SAML provider, etc )
[X] Clarify whether we can depend on artifacts not deployed on Maven Central
[X] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
* [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
[X] Decide whether to make signing and encryption optional. Currently it is
required
[X] Get feedback whether README instructions are too much, too little, unclear,
etc
[ ] Consider whether use of {{SAML2ConfigService}} and
{{SAML2ConfigServiceImpl}} is a good design or not.
[ ] Find and fix any bugs.
> SAML2 Authentication Handler [initial submission]
> -------------------------------------------------
>
> Key: SLING-9397
> URL: https://issues.apache.org/jira/browse/SLING-9397
> Project: Sling
> Issue Type: New Feature
> Components: Authentication
> Environment: localhost
> Reporter: Cris Rockwell
> Assignee: Cris Rockwell
> Priority: Major
> Labels: SAML, authentification, security, user_management
> Original Estimate: 168h
> Time Spent: 1h 20m
> Remaining Estimate: 166h 40m
>
> Here is a pull request which adds an authentication handler for a SAML2
> Service Provider via the embedded OpenSAML V3 dependencies
> [https://github.com/apache/sling-whiteboard/pull/51]
>
> *TODO Before Initial*
> [X] Sync attributes released by the IDP
> [X] Confirm license and attribution
> "As the code is ASL2 and does not require a notice or anything else, we don't
> need to mention in. But I think its usually good style to do so and have a
> single sentence in our NOTICE that we include (modified) code from ... which
> has ASL2 as the license"
>
> *TODO After Initial*
> [X] Get confirmation the project builds and operates as expected
> [X] Ensure that the NOTICE file is the correct one
> [X] Testing setup ( documentation, local SAML provider, etc )
> [X] Clarify whether we can depend on artifacts not deployed on Maven Central
> [X] Review Web Browser SSO Profile Specification 4.1 and confirm all aspects
> * [https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf]
> [X] Decide whether to make signing and encryption optional. Currently it is
> required
> [X] Get feedback whether README instructions are too much, too little,
> unclear, etc
> [X] Consider whether use of {{SAML2ConfigService}} and
> {{SAML2ConfigServiceImpl}} is a good design or not.
> [ ] Find and fix any bugs.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
